PHP Cookie Problem

Oki, so I'm currently making a website for my website and graphic design business, and I made a client login system on a test server which worked perfectly.

However I just bought hosting and a domain, and transferred the MySQL databases and php files over exactly the same (except I changed the username, password, and database names needed), and now it does not work.

I looked over the code, and it all seems fine and should work - but I tried the login on both servers, checked my temporary internet files, and it turns out that my client login is no longer creating cookies as it did before. And these cookies, along with the MySQL database, are what allows a user to stay logged in. I checked the database and it seems fine though - all the fields are filled out correctly, etc.

So that leaves me with one question. Why can't I get the cookies to work on this server?

I also checked the variables - domain, path, name, etc. and it all should work.

What's happening is the client is logging in with a quick login form at the top of the page, and this PHP is included at the top of all pages. Note that in the error display portion of the code, there are 5 instances where the program knows why the user is logged out, however, there is 1 instance that is undiagnosed - this is the error code that is being produced on my website. It thinks that it should be able to login - however when it tries it can't because the cookie is missing.

PHP Code:

<?
/* Settings */
define("COOKIE_NAME","Concord"); //name of the cookie
define("COOKIE_EXPIRY","3600"); //length of cookie life - in seconds - no less than 30 mins (1800 seconds)
define("COOKIE_DOMAIN",$_SERVER["HTTP_HOST"]); //set the domain the cookie answers to
define("COOKIE_PATH","/"); //path that the cookie is valid for - default is "/" (everywhere)
define("MEMBERS_TABLE","clients"); //name of the database to check the username/password against
define("SESSIONS_TABLE","client_sessions"); //name of the sessions table
define("SESSION_EXPIRY","1800"); //life of the session, in seconds
define("LOGIN_PAGE","index.html"); //page that the login form and the session error messages are shown
/* an array of page names that have restricted access. WARNING: do not have the LOGIN_PAGE in
the restricted pages array, you will create an endless loop when an error condition occurs */
$RESTRICTED_PAGES=Array("login.html");

/* Functions */
function manageCookie() {
//if there is no cookieid - then we are going to set a cookie.
if(strlen($_COOKIE[COOKIE_NAME]) < 1) {
/* create a unique value for the database/cookie key
take the current time in milliseconds. */
list($msec,$sec)=explode(" ",microtime());
$cookiekey=ereg_replace("\.","",($msec+$sec));

setcookie(COOKIE_NAME,"$cookiekey",$cookieexpiry,COOKIE_PATH,COOKIE_DOMAIN,0); //set the cookie
/*
set the _COOKIE variable so it can be used on this same page if just set, otherwise
the variable is not available on the same page that the cookie is set
*/
$_COOKIE[COOKIE_NAME]=$cookiekey;
unset($cookiekey,$msec,$sec,$cookieexpiry);//clean up
} else {
//if the cookie has been set then we are just going to adjust the expiry date.
$cookieexpiry=time()+COOKIE_EXPIRY;
setcookie(COOKIE_NAME,$_COOKIE[COOKIE_NAME],$cookieexpiry,COOKIE_PATH,COOKIE_DOMAIN,0); //set the cookie
unset($cookieexpiry); //cleanup
}
}

if($row[username]!=$_REQUEST[username]) {
return 80082;
} //check for valid username
/* when checking password, we md5 the posted password, because in the database
we are assuming that for security reasons the password is md5'd. If it is not, remove
the md5 function from around the $_GET[password] */
if(md5($_REQUEST[password]) != $row[password]) {
return 80083;
} // check for valid password

/* if we are still here, then it is a good login, and we will save the info to the
sessions database. */
$res=@mysql_query("delete from ".SESSIONS_TABLE." where session_id='".$_COOKIE[COOKIE_NAME]."'",$c); //remove any old session that may be in there
/* save the session info - I have saved the basics that I could figure out here,
but you may have to add in the type, gall_level and gall_count since I do not know where
they are coming from - whether they are in the member database or what... */
session_start();

/* remove them from the sessions database, and delete their cookie by expiring it
we return the code 80084 so that we can treat it as a pseudo 'error' message on the
login page to notify them that they are logged out. */
$res=@mysql_query("delete from ".SESSIONS_TABLE." where session_id='".$_COOKIE[COOKIE_NAME]."'",$c);
setcookie(COOKIE_NAME,$_COOKIE[COOKIE_NAME],time()-86400,COOKIE_PATH,COOKIE_DOMAIN,0);

return 80084;

}

function checksite_login() {
global $c,$USER_INFO;

/* Error Code Listing
80085 - session expired
80000 - not logged in
*/
if(sizeof($USER_INFO["session_id"]) > 0) {
//if we are here then they have a session logged
if((time()-strtotime($USER_INFO["last_active"])) > SESSION_EXPIRY) {
//we just checked to see if they have been inactive for longer than we want
setcookie(COOKIE_NAME,$_COOKIE[COOKIE_NAME],time()-86400,COOKIE_PATH,COOKIE_DOMAIN,0);
return 80085; //return expired session code
}

//if we are still here, then they are good to go - update the last_active.
$res=@mysql_query("update ".SESSIONS_TABLE." set last_active='".date("Y-m-d H:i:s")."' where session_id='".$_COOKIE[COOKIE_NAME]."'",$c);
return 1; //return code for success

//if the user wants to login, it will trigger this code here when the action 'login' is sent through
if($_REQUEST[action]=="login") {
$result=site_login();
if($result!=1) {
//send them back to the login page with an error code to be looked up and displayed
header("Location: error.html?code=$result");
exit();
} else {
//send them to somewhere we want them to go next.
header("Location: login.html");
exit();
}
}

//if the user wants to logout, it will trigger this code here when the action 'logout' is sent through
if($_REQUEST[action]=="logout") {
header("Location: error.html?code=".site_logout());
exit();
} //log out the user

/* on any other page, we assume that they may be logged in. If so, then we
want to check to see if they have expired, and if not, update their last active time. */
if($_REQUEST[action] != "login" && $_REQUEST[action]!="logout" && $_REQUEST[code]!=80085) {
$login_check=checksite_login();
if($login_check==80085) {
//send them back to the login page with an error code to be looked up and displayed
header("Location: error.html?code=$login_check");
exit();
}
}

/* the final check that we do is to see if this is a page that they have access to. If we
are here, then either they are not logged in, or they are good to be here. Either way
we need to check to see if this is a restricted page, and if it is, whether they have
permissions to be here or not. I am initially assuming that anyone that is logged in
has access to the restricted page. If it is different than that, then the conditionals
in this function are all that need to be changed. */

//get the name of the current page.
$tmp=explode("/",$_SERVER[PHP_SELF]);
$current_page=$tmp[(sizeof($tmp)-1)];
/* if the current page is in the restricted list,
and the $login_check variable is not 1 (true) then they cannot have access.
The error code returned to the login page is 80086 */

/* if we are here, then this user has permission to view this page - VIOLA! :)

If you are using actions to display different functions on the page, i.e. an index page that
based on the action displays different things, do not put that pagename in the
restricted pages array, simply do the last conditional check above inside the case for that
action, it will check the restriction only when that case is triggered. */
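
Added example, not part of the original post or the poster's code: a hardened way to issue and read the login cookie that also reports why `setcookie()` could not send it, plus a parameterized version of the session delete. The function names are hypothetical; the cookie name, lifetime and `client_sessions` table come from the post, and PHP 7.3+ with mysqli is assumed.

```php
<?php
// Added example; function names are hypothetical. Assumes PHP 7.3+ and mysqli.
const COOKIE_NAME   = "Concord";  // cookie name from the post
const COOKIE_EXPIRY = 3600;       // cookie lifetime in seconds, from the post

// Send a fresh session cookie and return its key; throw with the reason if
// the cookie cannot be sent.
function issueSessionCookie(): string {
    // setcookie() fails once any output (even a PHP notice or whitespace
    // before the opening tag) has been sent; report where that happened.
    if (headers_sent($file, $line)) {
        throw new RuntimeException("Output already started at $file:$line");
    }
    // 128 random bits from the CSPRNG, not a value derived from microtime().
    $key = bin2hex(random_bytes(16));
    $sent = setcookie(COOKIE_NAME, $key, [
        "expires"  => time() + COOKIE_EXPIRY,
        "path"     => "/",
        // No "domain": the cookie is then host-only and does not depend on
        // the client-supplied Host header, which may carry a ":port" suffix.
        "secure"   => !empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off",
        "httponly" => true,    // not readable from page scripts
        "samesite" => "Lax",
    ]);
    if (!$sent) {
        throw new RuntimeException("setcookie() returned false");
    }
    $_COOKIE[COOKIE_NAME] = $key;  // make it visible on this same request
    return $key;
}

// Return the cookie value only if it has the format issued above.
function currentSessionKey(): ?string {
    $key = $_COOKIE[COOKIE_NAME] ?? "";
    return (is_string($key) && preg_match('/\A[0-9a-f]{32}\z/', $key)) ? $key : null;
}

// Delete a session row with a bound parameter instead of string concatenation.
function deleteSession(mysqli $db, string $key): bool {
    $stmt = $db->prepare("DELETE FROM client_sessions WHERE session_id = ?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param("s", $key);
    return $stmt->execute();
}
```

When output buffering is off, the exception message from `issueSessionCookie()` names the file and line that produced output before the cookie call.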